author | Arne Schwabe | 2023-10-09 12:53:36 +0200 |
---|---|---|
committer | Gert Doering | 2023-10-18 12:00:55 +0200 |
commit | 3985da96215b8107111d2c0a1cd810e86b210cd1 (patch) | |
tree | 92be47dde0192f68d6b751aa5d0f355f848ade11 | |
parent | c54e1b226e9d6709cdc2b243e6a961a6cd47c7c6 (diff) | |
Add warning if a p2p NCP client connects to a p2mp server
Change-Id: I85ae4e1167e1395b4f59d5d0ecf6c38befcaa8a7
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20231009105336.34267-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27191.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 2574ae5e6961ed5b39531a7f98e537f72f87bcfb)
-rw-r--r-- | src/openvpn/multi.c | 9 | ||||
-rw-r--r-- | src/openvpn/ssl_ncp.c | 6 | ||||
-rw-r--r-- | src/openvpn/ssl_ncp.h | 2 |
3 files changed, 13 insertions, 4 deletions
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index aad11b1..83411e8 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -1811,6 +1811,15 @@ multi_client_set_protocol_options(struct context *c)
 return false;
 }
 
+ /* Print a warning if we detect the client being in P2P mode and will
+ * not accept our pushed ciphers */
+ if (proto & IV_PROTO_NCP_P2P)
+ {
+ msg(M_WARN, "Note: peer reports running in P2P mode (no --pull/--client"
+ "option). It will not negotiate ciphers with this server. "
+ "Expect this connection to fail.");
+ }
+
 if (proto & IV_PROTO_REQUEST_PUSH)
 {
 c->c2.push_request_received = true;
diff --git a/src/openvpn/ssl_ncp.c b/src/openvpn/ssl_ncp.c
index dafaef1..0ca6d42 100644
--- a/src/openvpn/ssl_ncp.c
+++ b/src/openvpn/ssl_ncp.c
@@ -24,7 +24,7 @@
 */
 
 /**
- * @file Control Channel SSL/Data dynamic negotion Module
+ * @file Control Channel SSL/Data dynamic negotiation Module
 * This file is split from ssl.c to be able to unit test it.
 */
 
@@ -258,8 +258,8 @@ ncp_get_best_cipher(const char *server_list, const char *peer_info,
 
 const char *peer_ncp_list = tls_peer_ncp_list(peer_info, &gc_tmp);
 
- /* non-NCP client without OCC? "assume nothing" */
- /* For client doing the newer version of NCP (that send IV_CIPHER)
+ /* non-NCP clients without OCC? "assume nothing" */
+ /* For client doing the newer version of NCP (that send IV_CIPHERS)
 * we cannot assume that they will accept remote_cipher */
 if (remote_cipher == NULL
 || (peer_info && strstr(peer_info, "IV_CIPHERS=")))
diff --git a/src/openvpn/ssl_ncp.h b/src/openvpn/ssl_ncp.h
index d27ed24..de7a0e4 100644
--- a/src/openvpn/ssl_ncp.h
+++ b/src/openvpn/ssl_ncp.h
@@ -23,7 +23,7 @@
 */
 
 /**
- * @file Control Channel SSL/Data dynamic negotion Module
+ * @file Control Channel SSL/Data dynamic negotiation Module
 * This file is split from ssl.h to be able to unit test it.
 */
 
|
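Review bot: In the src/openvpn/multi.c hunk, the first two string literals of the new `msg(M_WARN, ...)` call are concatenated without a separator, so the logged text reads `--clientoption)`. Ending the first literal with a space fixes it: `"Note: peer reports running in P2P mode (no --pull/--client "`. The warning is driven by a flag the peer itself reports, and the handshake continues after it is printed. A comment above the `if` stating that this is diagnostic only would help, for example `/* diagnostic only: the connection is not rejected here */`. It is not visible here whether `msg()` tags the line with the peer's identity or limits repeats, so that is worth confirming for a server with many clients. The body of `multi_client_set_protocol_options` starts and ends outside the hunk.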